REMARKS/ARGUMENTS 

This paper is submitted in reply to the Office Action dated May 6, 2005. In the Office 
Action, claims 5-12 and 43-50 were rejected under 35 U.S.C. § 102(e) as being anticipated by 
Guheen (U.S. Patent No. 6,473,794). 
Rejections Under 35 U.S.C § 102(e) 

With respect to the rejection of the claims under 35 U.S.C. § 102(e) as being anticipated by 
Guheen, Applicants respectfully traverse this rejection in view of the reasons that follow. 

Independent claim 1 describes a "method for protecting a network server from being used as 
the basis of an attack on a network client." The method comprises: 

a. restricting access to said network server to a portion of said network 
server for at least a selected protocol; and 

b. scanning said portion of said network server for particular characters, said 
particular characters being associated with said selected protocol. 

Independent claim 43 describes a "computer-implemented method for protecting a network 
server from being used as the basis of an attack on a network client." The method comprises: 

a. receiving a request for a connection at said server from said network 
client; and 

b. scanning a portion of said network server for particular characters 
associated with said selected protocol; 

c. verifying that any response from said network server to said network 
client is void of said particular characters; and 

d. providing said response from said network server to said network client. 

With respect to independent claims 1 and 43, the Examiner fails to explain how Guheen 
even remotely teaches the claimed invention. Specifically, with respect to claim 1 and the element 
of claim 1 of "restricting access to said network server to a portion of said network server for at least 
a selected protocol," the Examiner cites column 17, Directory Services and column 276, line 34 to 
column 277, line 24. These citations to Guheen, however, fail to teach or disclose the claimed 
invention as claimed in independent claim 1. 
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Specifically, Guheen, at column 17, Directory Services, describes: 

a multi-protocol, scalable global directory for storing information such as user 
definitions, user profiles, network resource definitions, and configuration 
parameters. It employs naming, directory, and authentication protocols on top of a 
shared, distributed, object repository. Users and applications can use the directory to 
locate and access information from anywhere in the network. 

Contrary to the Examiner's assertion, this cited excerpt fails to show that Guheen teaches 
"restricting access to said network server to a portion of said network server for at least a selected 
protocol." In fact, Guheen appears to teach the opposite, stating "Users and applications can use the 
directory to locate and access information from anywhere in the network." Col. 17, "Directory 
Services," lines 4-5. 

In addition, the Examiner cites column 276, line 34 to column 277, line 24 to support, 
without further explanation, the assertion that Guheen teaches "restricting access to said network 
server to a portion of said network server for at least a selected protocol," as defined in independent 
claim 1 . In this excerpt, Guheen merely teaches "a general purpose, secure, component based 
content control and distribution system." Col. 276, lines 34-35. The functions of the system 
"interact with non-secure transaction management operating system functions to properly direct 
transaction processes and data related to electronic information security, usage control, auditing, and 
usage reporting." Col. 277, lines 18-21. However, these functions merely relate to proper direction 
of transaction processes and data relating to security, and do not relate to "restricting access to said 
network server for at least a selected protocol," as recited in Claim 1. 

In addition, the Examiner cites column 19, "Product 2 ISP Server Bundle" for support to 
demonstrate that Guheen teaches, "scanning said portion of said network server for particular 
characters, said particular characters being associated with said selected protocol," as recited in 
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independent claim 1 . However, Guheen fails to teach this element of independent claim 1 in 

column 19. Specifically, the "Product2 ISP Server Bundle" in column 19 merely states: 

Targeted for internet service providers, Business l's Product2 ISP Server provides 
users with a bundle of platform extensions including the following: 

Internet Administrator - provides secure, remote management of distributed 
ISP services 

Internet Services Monitor - monitors Internet services, identifies and 
manages network problems 

Directory Services - provides a multi-protocol, global directory for storing 
information 

Host configuration - provides ISP host configuration features including 
quick, repeatable installation, Product 2 security configuration, intrusion detection, 
server process monitoring, and log file management. 

Product4 SKIP - provides encryption and key management capabilities 
which enables PCs, workstations, and servers to achieve secure/authenticated 
communication. 

Again, the Examiner cites this excerpt of Guheen, and, without further explanation, asserts 
that it discloses "scanning said portion of said network server for particular characters, said 
particular characters being associated with said selected protocol." However, nothing in the cited 
excerpt from Guheen relates to this element. The only security features taught by Guheen in this 
excerpt include "intrusion detection" and "encryption and key management capabilities," but neither 
of these relates to "scanning said portion of said network server for particular characters, said 
particular characters being associated with said selected protocol," as recited by claim 1 . 

With respect to independent claim 43, the Examiner cites FIGs. 87 and 88 to support the 
assertion that Guheen teaches the elements of independent claim 43. Specifically, independent 
claim 43 relates to "a computer-implemented method for protecting a network server from being 
used as the basis of an attack on a network client." The method comprises: 

a. receiving a request for a connection at said server from said network 
client; and 

b. scanning said portion of said network server for particular characters 
associated with a protocol; 



c. verifying that any response from said network server to said network 
client is void of said particular characters; and 

d. providing said response from said network server to said network client. 

However, while Guheen appears to disclose a security application in FIGs. 87 and 88, it is not the 
same as disclosed in independent claim 43. Specifically, FIG. 88, 2700 relates to "Allowing 
Browser-Based Authentication with User Verification Data." Therefore, FIG. 88 relates to 
authenticating the submission using verification data. Verification data typically relates to a PIN, or 
other verification technique, and is utilized to establish authentication of the user. The present 
invention, however, relates to providing security by "scanning a portion of said network server for 
particular characters associated with a protocol" and "verifying that any response from said network 
server to said network client is void of said particular characters." This security technique is 
intrinsically different then disclosed by Guheen, in that particular characters that may be hostile are 
detected and excised from any response between the network server and the network client. The 
user need not be authenticated to enable the security described in independent claim 43. 

Under 35 U.S.C. § 102(e), anticipation requires that a single reference teach each and every 
element of Applicants' claimed invention. Akzo N. V. v. U.S. ITC, 808 F.2d 1471, 1479 (Fed. Cir. 
1986). Since Guheen fails to teach or disclose each of the elements of Applicants claimed 
invention, as defined in independent claims 1 and 43, the rejections thereto have been overcome and 
should be withdrawn. 

Claims 6-12 depend from independent claim 5; and claims 44-50 depend from independent 
claim 43. These claims are further believed allowable over Guheen for the same reasons set forth 
with respect to their parent claims because each sets forth additional elements of Applicants' novel 
methods. 



CONCLUSION 



In view of the foregoing remarks, Applicants respectfully submit that all of the claims in the 
Application are in allowable form and that the Application is in condition for allowance. If, 
however, any outstanding issues remain, Applicants respectfully urge the Examiner to telephone 
Applicants' undersigned attorney so that the same may be resolved and the Application expedited to 
issue. Applicants respectfully request the Examiner to indicate all claims as allowable and to pass 
the Application to issue. 
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